India cannot afford to lower its guard against the global ransomware attack as the world has not seen the last of the virus yet, the head of the country’s cybersecurity agency warned.ET Bureau | May 18, 2017, 08:12 IST

India cannot afford to lower its guard against the global ransomware attack as the world has not seen the last of the virus yet, the head of the country’s cybersecurity agency warned.

Although its impact on India has been relatively less, WannaCry — the largest ransomware attack to have hit the world — has not “seen its end” as multiple modules can still emerge and cause disruptions, said Sanjay Bahl, director general of the Indian Computer Emergency Response Team (CERT-In), in an interview to ET.

The threat is far from over because smartphones could be the next target for the cyber-attackers, Bahl said. The WannaCry ransomware has since Friday infected hundreds of thousands of desktops and laptops running on the Windows operating system.

“The larger operating system is on the mobile, which is Android. We don’t know what will happen if that gets hit. That will be a different ballgame altogether,” Bahl said, adding that CERT-In is preparing for that eventuality.

“Hackers will always be two steps ahead. We do not know what is going to come next and whether this is the end of this particular (attack) or if there will be a variant of it coming.”

The agency, he said, worked over the weekend to alert banks, power utilities, railways and other critical infrastructure providers before they opened for business on Monday and is working on increasing communication with individuals before the next big cyber-attack occurs.

For individuals, CERT-In put out an advisory on its website and conducted a webcast on Monday. The agency used its Facebook page and Twitter handle as well as the MyGov platform to spread the word, Bahl said.

“There was a massive outreach programme initiated on Saturday. It was a crisis situation and a lot of people were working behind the scenes,” said Bahl. “We are utilising all available channels… Going forward, we are going to leverage more,” he said.

India has been able to shield itself from the attack better than several other countries, with CERT-In receiving reports of only 85 machines infected as on Wednesday evening. Industry experts peg the number of infected computers at more than 40,000 across industries including banking, retail and manufacturing.

Globally, the virus is reported to have infected at least 200,000 computers across 150 countries. Bahl said CERT-In has been carrying out cybersecurity drills for government departments, providing them with crisis management plans and the steps to be taken in the case of an attack.

“We have 32 empanelled auditors who carry out technical audits, which help organisations fix (cybersecurity) gaps,” he said, adding that CERT-In has conducted training and awareness sessions for government administrators and CEOs. “I am not saying that everyone has participated but we have done it across the sectors.”

After news of the WannaCry ransomware attack broke, the agency carried out a massive outreach operation covering the Union and state governments as well as agencies such as the National Informatics Centre and the Unique Identification Authority of India that issues the Aadhaar digital identity numbers.

Alerts were also sent to the stakeholders in the defence, health and other sectors, the Reserve Bank of India, the Securities and Exchange Board of India, Airports Authority of India, the Railways, the academia, and state IT secretaries, Bahl said. “We reached out to everyone on Saturday, most of them personally on the telephone itself so that they can kickstart their operations on Saturday and complete it on Sunday.”

Bahl added that companies and government organisations affected by cyber-attacks should inform CERT-In because it is mandatory under the IT Act and as the information can help the agency improve its response. CERT-In’s network with other national cybersecurity agencies across the world also helped, Bahl said.

“Spain was one of the first to be impacted. Spanish CERT developed a detection-and-cleaning tool that we put out in our advisory. Though it is in Spanish, it will still help people,” he said.

CERT-In is increasing its capacity by launching sectoral CERTs for the financial, power and telecom industries, Bahl said. “This particular case has shown that there is a community of people willing to safeguard the digital assets that has come forward to hold hands and has worked very hard.”